From b7e70625fd9e98f9983e2075ecc51bd87cd99281 Mon Sep 17 00:00:00 2001
From: Mathieu Virbel <mat@meltingrocks.com>
Date: Wed, 30 Jul 2025 18:10:00 -0600
Subject: [PATCH] fix: ensure only ipv4 is supported, ipv6 support will come
 later

---
 README.md         | 2 +-
 network-filter.sh | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index fc5f66a..563ccee 100644
--- a/README.md
+++ b/README.md
@@ -114,7 +114,7 @@ docker run --rm --network "container:net-filter" alpine ping -c 3 google.com
 
 ## Limitations
 
-- Only supports IPv4 addresses
+- **IPv4 only**: Currently only supports IPv4 addresses. IPv6 traffic is blocked and AAAA DNS records are filtered out
 - Requires periodic refresh to handle DNS changes
 - All containers sharing the network namespace share the same restrictions
 
diff --git a/network-filter.sh b/network-filter.sh
index f142f27..470b4cf 100755
--- a/network-filter.sh
+++ b/network-filter.sh
@@ -88,6 +88,7 @@ no-hosts
 no-resolv
 no-poll
 log-queries
+filter-AAAA
 $(if [[ -n "$ALLOWED_DOMAINS" ]]; then
     IFS=',' read -ra DOMAINS <<< "$ALLOWED_DOMAINS"
     for domain in "${DOMAINS[@]}"; do